Funnily enough, the secure element firmware is actually open source.

And the way they use it, it does not matter. Just hacking the secure element is not enough for anything, it only contains the encryption key for the seed. It's a weird way of doing things, but you need to trust it much less.